In a country like Mexico, where digitalization is advancing at great speed—across banking, commerce, industry, healthcare, and services—this commemoration ceases to be symbolic and becomes an urgent call to action.
In recent years, the country has climbed the ranks among the most attacked in Latin America. Evidence of this is that Mexico suffered 237,000 ransomware attack attempts between August 2024 and July 2025, consolidating its position as the second most attacked country in Latin America, according to Kaspersky.
The growing sophistication of threats, driven by automation and Artificial Intelligence (AI), has changed the rules of the game: attacks are no longer indiscriminate, but targeted, persistent, and designed to exploit specific vulnerabilities in applications, identities, infrastructures, and people.
While Mexico is preparing its National Cybersecurity Plan and intends to introduce a General Cybersecurity Law, promoted by the Agency for Digital Transformation and Telecommunications (ATDT), organizations today must think of cybersecurity as a strategic pillar, rather than merely a set of technical tools. Digital security must be conceived as a comprehensive strategy, aligned with business objectives and capable of protecting systems, operational continuity, reputation, and the trust of customers and users.
One of the main mistakes companies make in this area is approaching cybersecurity reactively. Detecting vulnerabilities only after damage has occurred translates into financial losses, service disruptions, and reputational harm that is difficult to reverse. In response, a preventive approach becomes essential—one based on continuous risk exposure management that enables threats to be identified, prioritized, and mitigated before they can be exploited.
From this perspective, modern cybersecurity integrates multiple layers: application protection from the development stage, identity and access control under Zero Trust models, continuous infrastructure monitoring, and early detection of anomalous behavior through advanced analytics and AI. The goal is not to add more controls, but to orchestrate them intelligently, with end-to-end visibility and real-time response capabilities.
Another critical aspect is the human factor. Safer Internet Day also highlights people as the first line of defense. Phishing, social engineering, and the misuse of credentials remain among the primary entry points for attackers. For this reason, cybersecurity awareness and training programs are no longer optional—they are an essential part of any sustainable protection strategy. An informed and alert organizational culture significantly reduces the attack surface.
Added to this is an emerging challenge: the accelerated adoption of AI within organizations. While this technology is a powerful ally for detecting threats, automating responses, and strengthening security, it also introduces new risks if not properly managed. Protecting AI lifecycles—from data and models to agents and services—is key to preventing data corruption, misuse, or uncontrolled automated decision-making.
In this context, cybersecurity stops being a barrier to innovation and becomes an enabler of digital growth. Organizations that integrate security by design, continuously monitor their exposure, and build internal capabilities to anticipate risks are better prepared to innovate with confidence.
Safer Internet Day should not be limited to a date on the calendar. It is an opportunity for companies, governments, and users to reflect on the real state of their digital security and make strategic decisions. In an increasingly interconnected ecosystem, the question is no longer whether an organization will be attacked, but how prepared it is to prevent, detect, and respond.
Mexico faces both a challenge and an opportunity to strengthen its cybersecurity maturity. Committing to a comprehensive, continuous, and business-aligned approach is the first step toward building a safer, more resilient, and more trustworthy digital environment. Because a truly secure internet is not achieved through technology alone, but through strategy, culture, and long-term vision.
By Matías Szmulewiez, Cybersecurity Practice Head at Baufest.
